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INTRODUCTION 

IDB is a small memory, st arid -a lone debugger* for 680®, 6801, 6303 
or 6811 microprocessor systems. It is ideal for debugging 
assembly language programs. IDB acts as a very sophisticated 
replacement to the "MIKBUG" ROM available with most 6800 
development systems (MIKBUG is a registered trademark of Motorola 
Inc., and any reference herein is to their registered trademark). 

IDB allows the programmer to load and dump programs in MIKBUG 
format ? to display large blocks of memory; to examine memory 
locations in several display formats; to modify memory locations; 
to single-step programs; to set breakpoints and execute a 
program; and to search or fill memory for/with a particular 
value. 

This manual describes IDB Version 1.2. 

OPERATION 

IDB is usually burned into a set of ROMs and resides permanently 
in the development system. However, it can also be kept on 
external media and loaded when a debug session is about to begin; 
this scheme is not as safe (since the debugger might get 
clobbered) . 

IDB comes configured to communicate to the user through a serial 
port, usually an ACIA or 6551. This Dort is called the "console" 
device. Normally, the port is connected to a teletype or CRT 
device. The console device car* be changed by modifying a jump 
table. 

The programmer interacts with IDB via commands given at the 
keyboard. IDB gives no prompt; if no display action is 
occurring, IDB is in command input mode. The programmer enters 
commands, and if the command is valid, IDB executes the command 
and then returns to command input mode. IDB checks the input 
character by character. If art entry is syntactically or 
semantical ly incorrect, it is diagnosed immediately by a 
print-out of , ■??• , followed by a carriage-return and IDB remains 
in the command input mode. If there is a command error, the 
opened location is closed. 



In .the examples 
are keyed irr by 
appear as output 
typical debugger 
examples to set up 



included in this manual, underlined characters 

the operator.^ Comments to the right do not 

of the debugger; all other printed data is 

output. Many of the examples use previous 

a known situation. 



All IDB commands and hexadecimal numbers can be entered in either 
upper or lower case; in this manual only uppercase commands are 
shown, and a small letter immediately to the left of a command 
represents a numeric value entered by the operator immediately 
before the command keystroke. 
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COMMAND FORMAT 

All cornmmands to IDB fit one of the following forms: 

C (No Parameter) 

r«C (Single Parameter) 

n;C (Single Parameter) 

n, mC (Double Parameter) 

5C (No Parameter) 

where n is a value (hex number up to six digits depending upon 
the command) or simple hex arithmetic expression and m is a hex 
number- <CR) is a carriage-return, <LF) is a line-feed and C is 
a command character (letter, punctuation mark, <CR) , or <LF> ) . 
";" is a semicolon and ", " is a comma. 

VALUES ENTERED INTO THE DEBUGGER 

IDB accepts several formats for numbers: 

Hex numbers, a string of hex letters or digits: 
©A BC9 22 BD3FA9 

Single characters representing special values: 

. (Period), meaning the address of the last opened 
memory location, whether it is open now 
or not. This is referred to as the open 
location marker. 

* (asterisk), meaning the value that would be 

displayed as the P register contents on 
a register dump (location of next 
instruction to execute). 

# (pound sign), meaning the number of 

instructions single-stepped since last 
";#" command. 

'c (single quote, followed by any character), meaning 
"the ASCII value of the character c". 'A is 
equivalent to typing in 41 (hex); likewise, 'b == 



hex 62 



c. 



SIGNIFICANCE 

Numbers entered into IDB have significance (size in bytes) based 
on the number of digits keyed in. This significance is used by 
commands which store into memory or do hex arithmetic. 

1 or 2 digits gives 1 byte significance 

3 or 4 digits gives 2 byte significance 

5 or 6 digits gives 3 byte significance 

Special values (., *, #) have 2 bytes of significance 

'c has 1 byte of significance 
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IDB COMMANDS 

IDB commands fall into the following categories 



Set The Display Mode 

Examine and Modify Memory 

Hex Arithmetic 

Set Register 

Zero (Fill) arid Search With Mask 

Compute a Relative Displacement 

Dump Memory 

Switch the Dump/Search Output Channel 

Load Memory 

Punch Memory 

Breakpoints 

Execute and Single-Step 
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SETTING THE DISPLAY MODE 

The display mode commands affect the way the register display and 
memory examine commands display the currently open location. 

COMMAND OPERATION 

;A Set Display Mode to ASCII 

;H Set Display Mode to Single Byte Hex 

;X Set Display Mode to Double Byte Hex 

;0 Set Display Mode to Instruction 

The ;A display mode allows values to be displayed as ASCII 
characters. If a character is non-printable (hex ©-IF, 7F-9F, 
FF), then the byte is displayed in ;H mode. 

The ;H display mode allows values to be displayed as single-byte 
hex quantities. This display mode is default upon IDB startup. 

The ;X display mode allows values to be displayed as double-byte 
hex quantities. 

The ;0 display mode allows values to be displayed as 
instructions. If ari illegal instruction begins in the location 
being examined, then a "?" followed by a single-byte value is 
displayed. Otherwise, the instruction display format depends on 
whether the symbolic disassembly option has been enabled. 

SYMBOLIC DISASSEMBLY: Instructions are displayed in a format 
consistent with the SD assembler. Addresses, 
immediate values and offsets are shown as hexadecimal 
constants of the appropriate significance. 

NO SYMBOLIC DISASSEMBLY: If a single-byte instruction begins 
in the location being examined, then a single hex byte 
is displayed. If a double-byte instruction begins in 
the location being examined, then two hex bytes are 
displayed. If a triple-byte instruction begins in the 
location being examined, then three hex bytes are 
displayed. 

Display modes are not affected by single-stepping or user program 
execution. They may only be changed by explicitly typing in a 
new display mode command. If a display mode command is entered 
while a location is still open, the value in that location will 
automatically be displayed in the new mode. 
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EXAMINE AND MODIFY COMMANDS 

The examine and modify commands are used to display arid /or change 
memory locations and registers. 



COMMAND 



OPERATION 



1/ 

<LF> 

n<LF> 

n' % 

<CR> 

n<CR> 

1: 

"text" 

9 



Open Location 
Display Next 
Deposit 
Display 
Deposit 



1 and Display in Current Mode 



and Display Next 

Previous 

and Display Previous 
Close This Location 
Deposit and Close Location 
Open Location 1 
Deposit ASCII Text String 
Display Registers, Current Instruction, 
Last Opened Location 



and 



The 1/ command is used to open location 1 and display its 
contents in the current mode. "Opening a location" means to make 
it available for examination and/or modification. 

The <LF> (line-feed) command is used to advance the open location 
marker and display the contents of the new location in the 
current mode. If the current mode is ;H or ;A, the open location 
marker is bumped by one, arid the next byte is displayed. If the 
current mode is ;X, the open location marker is bumped by two, 
and the next two bytes are displayed. If the current mode is ;0, 
then the open location marker is bumped by the length of the 
instruction (1 if the instruction is illegal) and the next 
instruction is displayed. <LF> is only valid when a location is 
open. 

The n<LF> command is used to deposit from one to three bytes. 

The open location marker is bumped by the significance of n, 

regardless of display mode, and the contents of the new location 

are displayed in the current mode. n<LF> is only valid when a 
location is open. 

The A (up arrow) command is used to decrement the open location 
marker by one and display the contents of the new location in the 
current mode. A is only valid when a location is open. 

The n A command is used to deposit from one to three bytes. The 
open location marker is decremented by one, regardless of display 
mode, and the contents of the new location are displayed in the 



current mode. 



n' 



is only valid when a location is open. 
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The <CR> (carriage-return) command is used to close the currently 
open location. The open location marker is not advanced. <CR> 
is a no-op when a location is not open. 

The n(CR> command is used to deposit from one to three bytes into 
the open location. The open location marker is not advanced and 
the location is closed. n<CR> is only valid when a location is 
open. 

The 1: command is used to open location 1. No display occurs. 

The "text" command is used to enter ASCII text strings into 
memory. The opening " character signifies the start of this data 
entry mode, but does not actually deposit any data. The ASCII 
code for each character (keystroke) following the leading " is 
deposited into memory, and the open location is advanced by 1. 
Data entry is terminated by the second ", which does not cause 
any further data to be deposited. IDB then automatically 
displays the contents of the new value of the open location, as 
though <LF> had been typed. 

The ? Command is used to display the registers, the next 
instruction (in ;0 mode), arid the last opened location in the 
current display mode. This display is referred to as a register 
dump elsewhere in this manual. In a register dump, the contents 
of the registers follow the letter naming that register; the next 
instruction follows the */ (* means "value of PC"), and the 
contents of the last open location ar& shown as nnnn/dddd. . . . . 
Not shown in this manual, but displayed on the 6811 version, is a 
place for the Y register in each register dump. 
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Examples: 

100: 45<CRL OP£N LOCATION 100 AND DEPOSIT 45. THE 

LOCATION IS CLOSED. 
a./ 45 iA/ E iLF> EXAMINE LOCATION 100; CHANGE TO ;A MODE, 

SEE VALUE IN ASCII; EXAMINE NEXT. 
0101/ F jH/ 46 1QR> CHANGE TO ;H MODE, SEE VALUE IN HEX; 

CLOSE THE LOCATION. 
./ 46 <LF>. OPEN THE LAST LOCATION; EXAMINE NEXT. 

0102/ BD ;0/ BD7E00 BD7E05<LF>. 

CHANGE TO ;0 MODE, SEE VALUE AS INSTRUCTION; 

CHANGE VALUE AND EXAMINE NEXT. 
0105/ 39 01'2 DEPOSIT AND EXAMINE PREVIOUS 

0104/ ?05 * STILL IN ;0 MODE, 05 IS ILLEGAL OP CODE; 

EXAMINE PREVIOUS 
0103/ 7E0501 * CONTENTS OF 103 LOOKS LIKE "JMP" INSTRUCTION; 

EXAMINE PREVIOUS. 
0102/ BD7E05 iX/ BD7E <CR> 

CHANGE TO ;X MODE; CLOSE THIS LOCATION. 

800/ 0072 "ABCDiQR) 

IkELBiF" DEPOSIT TEXT DATA 

£09/ 992A 200/ 4142 iA/ A <LF> 

201/ B <LFr 

202/ C IlF) 

203/ D TEFL 

204/ 0D TlF). 

205/ 0A ILF). 

206/ D 1LF> 

207/ E <LF> 

208/ F 7LF7 

209/ 99 iQR). 

1 SHOW REGISTERS 

P«3005 A=01 B=FE C=C0 X=3031 S=4073 */ 7E3068 0105/ 01 

iO SWITCH TO OPCODE DISPLAY 

*/ 7E3608 391QRL FIX INSTRUCTION AT P COUNTER 

o 

P=3005 A=01 B=FE C=C0 X=3©31 S=4073 */ 39 3005/ 39 
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HEX ARITHMETIC 

Hex arithmetic is used to evaluate expressions. 

COMMAND OPERATION 

-n Find Negative of n 

rv-m Find Difference 

n+m Find Sum 

n= Print Value 

The -n command is used to take the two's complement of a one or 
two byte value. 

The n-m command yields the two's complement difference. 

The n+m command yields the two's complement sum. 



The n 55 command is used to print out the current 
appropriate significance. 



value using the 



Note that all arithmetic (negate, add, and subtract) only 
operates on one or two byte operands, and if a three byte operand 
is given, the leftmost byte is ignored and the significance 
becomes two rather than three. Also, significance is maintained 
in all arithmetic operations. For instance, adding one byte to 
one byte yields an answer of one byte whether or not a carry-out 
occurred. Adding two bytes to one byte will give two bytes of 
significance. The significance of the result will always by one 
or two bytes. When in doubt as to the significance of a result, 
use the print value operator (=) . A result of an arithmetic 
operation is treated as though the programmer had typed in that 
value itself, and may be followed by commands requiring values. 
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Examples: 



~801=FFFF 

IzfcFF 
8885-6=FFFF 

6-005=0081 

118085-S=FFFF 

FF+i-00 
00FF+ 1=0188 
5=85~*~ 

EEi©= F F r ®® 
EEl®®®^? 7 ®®®® 

EEiiiliiz®®®* 

r~i+3-4+|=03 
§4+0/ FE 1CR> 
^®A0_.<CR>_ 

5+.=88A5/ 37 <CR> 

i 0-1=40+' Z=9A <RUB0UT> 

100/ ££85 iH/ ££ LBzL 

o 

P=3885 A=81 B=FE C=C0 X=3831 S=4873 */ 39 
*z2=3803/ FF iQ/ FF8039 



NEGATE 1 BYTE VALUE 
NEGATE 2 BYTE VALUE 
1 BYTE DIFFERENCE 
£ BYTE DIFFERENCE 

3 BYTES BECAME £ 
1 BYTE SUM 



PRINT 5 

PRINT FF00 

PRINT FF0088 

ANSWER IS £ BYTES ONLY 

LOOK AT LOCATION A8 

PRINT ADDRESS OF LAST OPENED LOCATION 

IGNORE VALUE (SPACE) AND GO TO NEW LINE ( (CR> ) 

EXAMINE LOCATION .+5 
?? USE RUBOUT TO GET RID OF VALUE 
8-A=07 (CR> 



8188/ 87 
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SETTING REGISTERS 

The following commands are used to change the contents of a 
specific register by name. 



COMMAND 



OPERATION 



A Set A Register to n 

B Set B Register to n 

C Set C Register to n 

D Set D Register to n 

X Set X Register to n 

Y Set Y Register to n 

S Set S Register to n 

P Set P Register to n 



The n;A n;B n^C commands set registers ABC respectively to the 
rightmost byte of n. 

The n$X n;S n^P ;D ;Y commands set registers X S P D Y 
respectively to the rightmost two bytes of n (the D register 
consists of A and B treated as a 16 bit values the Y register is 
present only on the 6811). If a one byte value is given, a 
leading zero byte is assumed. 

When the stack pointer is set, IDB assumes that the value given, 
minus 6 (minus 8 for the 6811), points to a (interrupt) context 
block (i.e., n-7+1 (n-9+1 for 6811) points to a condition code 
byte). The contents of this context block are used as the values 
of the registers. 

When IDB starts up, it invents a seven (nine for 6811) byte stack 
for the user's context block using a value specified by the INITZ 
routine. If this value is not appropriate, it is a good idea to 
assign (via n;S) a convenient stack before doing any debugging. 
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Examples: 



? 

P=3®05 A=01 
lS34iD 

? 

P=3005 A=34 

ii* 
? 

P=3005 A=34 

ig34iX 

? 

P=3®05 A=34 

FEx£ 

11/ 00 

? 

P=00FE A=34 
FE/ 00 2245 
? 

P=00FE A=34 

iX 
? 

P«00FE A=34 

IQ 
? 

P=00FE A=34 



SET THE A REGISTER TO 01 

SET THE B REGISTER TO FE 

SET THE C REGISTER TO C0 

SHOW REGISTERS 
B=FE C=C0 X=3031 S=4073 */ 7E30S8 0105/ 01 

SET THE A REGISTER TO 34 

SET THE B REGISTER TO 5S 

SHOW REGISTERS 
B=56 C=C0 X=3031 S=4073 */ 7E3068 0105/ 01 

SET X TO 0001 

SHOW REGISTERS 
B=56 C=C0 X=0001 S=4073 */ 7E3068 0105/ 01 

SET X TO 1234 

SHOW REGISTERS 
B=56 C=C0 X=1234 S=4073 */ 7E3068 0105/ 01 

SET P REGISTER TO 00FE 

LOOK AT LOCATION FE 

SHOW REGISTERS 
B=56 C=C0 X=1234 S=4073 */ ?00 00FE/ 00 
<CR1 MAKE IT AN INSTRUCTION 

SHOW REGISTERS 
B=56 C=C0 X=1234 S=4073 */ 2245 00FE/ 22 

CHANGE DISPLAY MODE 



B=56 C=C0 X=1234 S=4073 */ 2245 
CHANGE DISPLAY MODE 



00FE/ 2245 



=56 C=€0 X=1234 S=4073 */ 2245 00FE/ " 



Cautions setting the stack pointer (S register) causes the 
remaining registers to take on arbitrary new values according to 
their positions in the context block pointed to by the new value 
of the S register! f 



SET THE STACK POINTER TO 00FE 
SHOW REGISTERS 
P=0022 A=F4 B=45 C=C0 X=789F S=00FE */07 






00FE/ 
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nM 


M 


nS 


S 


n, mS 


n, mZ 


n, m? 
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ZERO (FILL) AND SEARCH WITH MASK 

The fill commmand is used to fill memory with a one, two or three 
byte value from a mask. This is effectively a zero command when 
the mask is zero. The search command is used to search memory 
for a one, two or three byte value using the mask. 

OPERATION 

Set Mask 

Show Mask 

Set Search Target 

Show Search Target 

Search Using Mask Between n and m 

Zero (Copy Mask to Memory) Between n and m 

Checksum memory 

The r»M command is used to define a mask for the search and zero 
(fill) commands. The mask may be one, two or three bytes long 
with one bits specifying the bit positions to ignore (mask out) 
while searching. The mask is defaulted to a single-byte zero 
upon IDB startup. 

The M command is used to show the last value defined as the mask 
as a one, two or three byte value. 

The nS command is used to define a search target to be used with 
the search command. The search target may be one, two or three 
bytes long specifying the exact sequence of bits to search for. 
Selected bit positions of the search target may be overriden by 
one bits in the mask. 

The S command is used to show the last value defined as the 
search target as a one, two or three byte value. 

The n, mS command is used to search memory between n and m 
inclusive for the occurance of the search target. The mask is 
used while searching to specify bits in the search target arid the 
memory to ignore. The mask must be the same length as the search 
target. The search command will print out the address and 
contents of that address for each match found. Note that rn-n+1 
search attempts are made regardless of search target length. 

If the search target and the mask are three bytes long, then 

three bytes are printed out for each match. IDB will compare 

against loc n, n+i, n+£ for a match; then n+i, n+£, n+3, through 
loc m, m+i and m+2. 

If the search target and the mask are two bytes long, then two 
bytes are printed out for each match. IDB will compare against 
loc n, n+i, for a match; then n+1, n+2, through loc m, m+1. 

If the search target and the mask are one byte long, then one 
byte is printed out for each match. IDB will compare against loc 
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n for a match; then n+i through loc m. 

Note that a match may occur if a search target begins within the 
limits (inclusive), even though the remaining bytes may cross the 
limit. The output of the search command is normally directed to 
the console device- The output can be switched to the dump 
channel by using the T command- The search command may be 
interrupted at any time by typing an escape character on the 
console device- 

The n,mZ command (fill) is used to copy the mask to memory 
between n and m inclusive- If the mask is one byte long then the 
mask is copied m-n+1 times into locations m, m+1, m+2« . . n-1, n. 
If the mask is two or three bytes then the mask is copied 
INT( (m-n+i) /2) or INT( (m-n+i) /3) times respectively into memory 
with any leftover bytes being filled with leading mask bytes. 
For example, if the mask is three bytes and "108, 107Z" is entered 
on the console device, then the mask is copied to locations 10® 
through 102 and 103 through 1®5, and locations 106 and 107 get 
the left-most two bytes of the mask- The zero (fill) command 
never- modifies a location past the address given as the second 
parameter. 

The n, m? command is used to compute a simple checksum over the 
address range n thru m, inclusive- The value of the checksum is 
printed- This is used mostly for fast determination of whether a 
portion of RAM has changed or not. 
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Examples: 



M 0© 

FFM 

I®£iAEEZ 

BD3F92| 

000000M 
20004.3000S 

20FE/ BD3F92 
219A/ BD3F92 
3000/ BD3F92 
S BD3F92 

1®@®EE1!! 

2000 t 20FFS 

£010/ BD3F5ft- 

20FE/ BD3F92 

7E0100M 

50011 EEEEiQB> 

4000J.5000Z 

iQ 

4000/ 7E0100 

4003/ 7E0100 
4FFF/ 7E01FF 
lilia.2000? 57 



BYTES) 
BITS) 

& 3000 



INCLUSIVE 



SET MASK TO ZERO (ONE BYTE) 

SHOW MASK 

FILL 100 THRU IFF WITH ZEROES 

SET MASK TO FF (1 BYTE) 

FILL 100 THRU IFF WITH FF 

SET SEARCH TARGET TO BD3F9£ (3 

SET MASK TO 3 BYTES (IGNORE NO 

FIND SEARCH TARGET BETWEEN 2000 

FOUND IT HERE 

FOUND IT HERE 

FOUND IT HERE 

SHOW SEARCH TARGET 

SET MASK TO IGNORE LAST BYTE OF SEARCH 

FIND ALL JSR'S TO 3FXX 

FOUND IT HERE 

FOUND IT HERE 



INSTALL "JMP *100" INSTRUCTIONS BETWEEN 4000 & 5000 



<le> look at what we did 

<cr7 
note that loc 5001 was untouched 
checksum locations 1000 thru 2000 
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COMPUTE RELATIVE DISPLACEMENT COMMAND 

This command is used to compute the relative displacement byte of 
relative branch type instructions. 

COMMAND OPERATION 

nR Compute Relative Displacement 

This command is used to find the difference in addresses as a one 
byte value between . +1 arid n« If the address given (n) is 
outside the range of a relative branch-type machine instruction, 
an error will occur. The way this command is used is to open a 
location where a relative displacement byte is to be deposited, 
and specify the target address (n) followed by "R". 

Examples: 

10®/ 2021 iH/ 20 <LF> WE HAVE A "BRA *123" 

101/ 21 105R«03iC|r TELL IDB TO MAKE A "BRA *105", DISPLAY THE 

DISPLACEMENT, THEN DEPOSIT IT 
sJZll £0 lQ/ 2003 NOW GO CHECK ENTIRE INSTRUCTION 

^+1/ ?03 0R?? TELL IDB TO MAKE A "BRA *0" ; HE SAID 

THAT'S TOO FAR! 
.J ?03 90RICRL TELL IDB TO MAKE A "BRA *90" 
.-1/ 208E NOW CHECK ENTIRE INSTRUCTION 
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DUMP MEMORY COMMAND 

This command is used to display large areas of memory in hex and 
ASCII on the dump device. 

COMMAND OPERATION 

l,n/ Dump Memory to Dump Device 

The ar&a dumped is specified by 1 and n. 1 is used as an 
address; n may be a byte count (significance of one) or an 
address (significance of two). If a byte count is used as the 
second parameter, dumping begins at 1 and continues for n bytes. 
If ari address is used as the second parameter, dumping begins at 
1 ar\d continues until address n is reached (inclusive). Beware 
of specifying a second parameter address that is smaller than the 
first parameter address; an awful lot of memory will be dumped!! 
The output of the dump is normally directed to the console 
device. The output can be switched to the dump channel by using 
the T command. The dump device may be a console, printer, or a 
disk file, depending upon the configuration. See the section on 
I/O entry points to find out how to change the dump device. The 
dump may be interrupted at any time by typing an escape character 
on the console device. This causes the dump to stop and IDB to 
return to the command input mode. 

After dump is complete, location 1 is opened for changes or 
re-display i ri a different display mode. 
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Examples: 



50*1®/ DUMP 16 BYTES 

005®/ 00 7D CD 9D 80 9F 84 8® 00 00 00 £0 39 30 31 31 . >M. 



■ ■ m « m a . 



901 



DUMP FROM ADDRESS 0055 TO 0061 

00 00 08 £0 39 38 31 31 9011 

Z. 

DUMP FROM 100 TO IFF INCLUSIVE 

03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F , ... 

13 14 15 16 17 18 19 1A IB 1C ID IE IF . 

23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F ! "#*#&' <>*+,-. 
33 34 35 36 37 38 39 3A 3B 3C 3D 3E 3F 0123456789: ; <=> 
43 44 45 46 47 48 49 4 A 4B 4C 4D 4E 4F ©ABCDEFGHIJKLMN 
53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F PQRSTUVWXYZm^ 
63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F * abcdef ghijklmn 
73 74 75 76 77 78 79 7A 7B 7C 7D 7E 7F pqrst uvwxyz-C i >* 
83 34 3u 86 37 38 39 8A 36 8C 3D SE SF ......«>»..■.■.. 

93 94 95 96 97 98 99 9A 9B 9C 9D 9E 9F 

A3 A4 A5 A6 A7 A8 A9 AA AB AC AD AE AF !"#$%&' (>*+,-. 
B3 B4 B5 B6 B7 B8 B9 BA BB BC BD BE BF 0123456789:; <=> 
C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF ©ABCDEFGHIJKLMN 
D3 D4 D5 D6 D7 D8 D9 DA DB DC DD DE DF PQRSTUVWXYZm^ 
E3 E4 E5 E6 E7 E8 E9 EA EB EC ED EE EF % abcdef ghijklmn 
F3 F4 F5 F6 F7 F8 F9 FA FB FC FD FE FF pqrst uvwxyz-C i >~ 
\ 
The address on the left side of the page is the address of the 
first byte printed. Addresses increase by one for each byte 
displayed from left to right, so that the address of the $5F byte 
is $15F. The characters to the right are in one-to-one 
correspondence from left to right with the displayed hex bytes, 
arid are the ASCII equivalents of the bytes dumped. Control 
characters and $7F, $FF are printed as a period. The parity bit 
is ignored. 



151.861/ 
8855/ 9F 


84 


00 


0868/ 


5A 


9A 




lOS^lFF/ 

81007 00 


01 


02 


8118/ 


10 


11 


12 


0128/ 


20 


21 


oo 


8130/ 


30 


31 


3d 


0140/ 


48 


41 


42 


0150/ 


58 


51 


52 


0160/ 


60 


61 


62 


0170/ 


70 


71 


72 


0188/ 


30 


31 


82 


8198/ 


90 


91 


92 


81A8/ 


A8 


Al 


A2 


81B8/ 


B8 


Bl 


B2 


81C8/ 


C8 


CI 


Ccl 


01D0/ 


D0 


Dl 


D2 


01E0/ 


E8 


El 


E2 


01F0/ 


F8 


Fl 


F2 
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SWITCHING THE DUMP/SEARCH CHANNEL 
COMMAND OPERATION 



nT 



Switch Dump/Search Output Channel 



The nT command is used to switch the dump/search output between 
the console and the dump, channel- If n is zero, then the console 
is selected for dump/search output- If n is non-zero, then the 
dump channel is selected for dump /search output. Console output 
is defaulted upon IDB startup. 



Examples: 

®T 

If 



SET DUMP/SEARCH OUTPUT TO CONSOLE 
SET DUMP/SEARCH OUTPUT TO DUMP 
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LOAD COMMAND 

This command is used to load programs in MIKBUS format from the 
load device- Certain irnpl mentations of IDB can load SDOS load 
records instead of MIKBUG, and other irnpl mentations may not have 
a load command at all. 

COMMAND OPERATION 

5L Load object records from Load Device 

A successful load will print the address of the last byte loaded. 
This can be helpful in situations where you don't know how big a 
program is, or if you do, you have an extra verification that all 
is ok. If a checksum error occurs while loading, or an illegal 
character is encountered in a load record, the first address of 
the block being loaded is printed out followed by ,, ?? M indicating 
the error. The load may be interrupted by typing an escape 
character on the console device at. any time. The address of the 
block being loaded will be printed out, showing how far the load 
had progressed before being interrupted, and then IDB will return 
to the command input mode. See the section on I/O entry points 
to find out how to change the load device. 

Examples! 

iL 17E3 SUCCESSFUL LOAD, LAST BYTE WENT INTO 17E3 

i.L 01B0?? CHECKSUM ERROR ON BLOCK 1B0 

iL 12S0 ESCAPE WAS TYPED AFTER THE LOAD BEGAN. 

IDB SAYS THAT HE WAS ON BLOCK 1200 

WHEN INTERRUPTED 
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PUNCH COMMAND 

This command is used to dump ("punch", a term inherited from 
paper tape days) memory out in to the punch device- The standard 
object file format produced is MIKBUG, but certain 
implementations of IDB may produce SDOS object records, or the 
punch command may not be present at all. 



COMMAND 



OPERATION 



l,nP 



Punch object records to Punch Device 



The area punched is specified by the addresses 1 and n. Punching 
begins at 1 and continues until address n is reached ( inclusive) . 
Beware of specifying a second parameter address that is smaller 
than the first parameter address; an awful lot of memory will be 
punched!! See the section on I/O entry points to find out how to 
change the punch device. Punching may be interrupted at any time 
by typing an escape character on the console device. This causes 
the punching to stop and IDB returns to the command input mode. 
Note that an end record ("S9" in MIKBUG format) is not punched. 
This allows the punching to the same file of different and not 
necessarily contiguous areas of memory. When all punching is 
complete, the end record can be punched by entering the command 
"8, 8P". 

Examples: 



IE®is.3FFFP 



PUNCH OUT 188 THRU £88 ... 
FOLLOWED BY 3F88 THRU 3FFF 
END FILE ON PUNCH 
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BREAKPOINT COMMANDS 

"Breakpoints" are used to stop a program at a certain place so 
that the state of the machine cart be examined. The programmer 
places breakpoints in his program where he would like to be able 
to interrogate the machine registers arid whatever else may be 
interesting; then he tells IDB to run his program (see G 
commands). When the program hits a breakpoint, control is passed 
to IDB, which does a register dump. The programmer can then 
examine or change memory, place new breakpoints, start his 
program again or continue execution from where it left off. The 
breakpoint commands are used to set up to four realtime 
conditional or unconditional breakpoints, showing breakpoints, 
and deleting breakpoints. 

COMMAND OPERATION 

1! Set Unconditional Breakpoint on Address 1 

l,c! Set Conditional Breakpoint 

! Show Breakpoints 

1\ Remove Breakpoint from Address 1 

K Kill All Breakpoints 

An IDB breakpoint instruction (BKPT) may be either a SWI 
instruction or a three byte extended JSR instruction, depending 
on configuration. Associated with each BKPT is an iteration 
counter arid a conditional subroutine. The BKPT instruction is 
"planted" at the breakpoint location during realtime execution to 
regain control when encountered. The conditional subroutine is 
used to return "true" or "false" depending upon some arbitrary 
user-specified conditions. The iteration count is used to count 
down the "true" responses from a conditional subroutine until the 
counter becomes zero, at which time the breakpoint is considered 
to be "hit". 

There are two types of breakpoints: conditional and 
unconditional. Conditional breakpoints are associated with a 
user- defined conditional subroutine. Unconditional breakpoints 
are really conditional breakpoints that ar-e associated with an 
IDB-defined conditional subroutine that always returns "true". 

IDB uses the BKPT instruction at each breakpoint to regain 
control after encountering a breakpoint during realtime 
execution. CSince JSR BKPT takes three bytes, no JSR-styple 
breakpoint may be set within two bytes of another breakpoint (IDB 
won't allow it) 3. Note that setting breakpoints in ROM doesn't 
work, as they cannot be stored at execution time. This may not 
be obvious since the breakpoints aire invisible to the user (they 
can't be seen in the user's code) while IDB is in the command 
input mode. The BKPT instructions are not "planted" in the user 
code until realtime execution is requested (see G commands), so 
that if a breakpoint were set at location 18© (by entering 
"1801"), examination of location 188 will still show the original 
user code rather than IDB' S BKPT instruction. 
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When the user's program is executing, and it encounters a BKPT, 
the conditional subroutine is invoked and the iteration count for 
that breakpoint is decremented by one if the subroutine returns 
"true". If the counter goes to zero, then the breakpoint is 
"hit" 5 all BKPTs are removed, the original user code is restored 
and a register dump is displayed on the console device. IDB then 
enters command input mode- Otherwise (the breakpoint was not 
hit), the single-stepper will simulate instructions until the P 
register is outside the region that the BKPT instruction occupies 
(in case it is a JSR), then realtime execution continues without 
any notification to the user that a BKPT was encountered (and not 
"hit"). 

A conditional breakpoint "hit" happens when the conditional 
routine for that breakpoint signals condition true for n times, 
where n is the iteration count for that breakpoint (initially set 
to one at breakpoint setting). Note that the iteration count is 
not decremented if the conditional routine returns "false" 
condition. 

An unconditional breakpoint "hit" happens when the breakpoint is 
encountered n times, where n is the iteration count for that 
breakpoint (initially set to one at breakpoint setting). Note 
that the iteration count is always decremented because the 
conditional subroutine used by IDB always returns "true" 
condition. 

When a breakpoint hits, the next instruction to execute is the 
one at the breakpoint address (the instruction at the breakpoint 
has not yet been executed). Entering the G command on the 
console after hitting an unconditional breakpoint will result in 
an immediate breakpoint "hit" without having executed any 
instructions because the P register still points to the 
breakpoint location and breakpoints aY*& re-installed when 
realtime execution is requested and, exhausted breakpoints have 
their iteration counts reset to one. The only way to continue 
from a breakpoint is to use the single-step (N, X, nX or nU) or 
the proceed (P or nP) commands. Since the proceed commands and 
unexhausted breakpoints (iteration count non-zero) single-step 
until the P register is outside the region of the BKPT, it is 
safe to breakpoint on the beginning of any legal instruction (the 
single-stepper refuses to execute an illegal instruction) 
provided that some other instruction does not branch into the 
region occupied by the BKPT instruction. 
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Example 



BRft 



LI 



L0 
Li 



BED 
LDftfi 



L3 
#5 



Breaking on L0 is hazardous during realtime execution if the "BRA 
LI" is executed, and IDB is using JSR for BKPT instructions- The 
reason for this is that the breakpoint JSR is planted at L8 and 
it will take up the first byte of Li, so that during realtime 
execution, LI does not contain a "LDflft #5" instruction! ! This 
will not be a problem during single-stepping because the BKPT 
instructions are not "planted". 



Example; 



BSR 



XYZ 



Breakpoint ing the BSR is fatal when the RTS in subroutine XYZ is 
executed because the third byte of a breakpoint JSR covers the 
first byte of the instruction following the BSR- When the called 
subroutine returns, the instruction will most likely be invalid, 
and at the very least will cause unpredictable results- For this 
reason, IDB will not let you set a breakpoint on a BSR or a JSR 
indexed- If you wish a breakpoint there anyway, change the 
opcode to a NOP, set the breakpoint, and change the opcode back. 
This will not be a problem during single-stepping because the 
BKPT instructions are not "planted". 

The set breakpoint command (1!) is used to set an unconditional 
breakpoint on a particular location with ari iteration count of 
one. No more than four breakpoints (conditional or 
unconditional) may be set at a time. 

The set conditional breakpoint command (l,c!) is used to set a 
conditional breakpoint on a particular location with art iteration 
count of one. 1 specifies the break address arid c specifies the 
address of the conditional breakpoint subroutine- The 
conditional subroutine must be coded using 6800 machine 
instructions. When a conditional break is encountered during 
realtime execution, IDB will JSR to the user-defined conditional 
subroutine. fit this point a context block exists on the user's 
stack representing the state of the user's registers at the time 
the break location was encountered. IDB will pass to the 
subroutine a pointer to the context block in the X register 
exactly as the S register would point if seven bytes were pushed 
on the user's stack. 
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Example: 

If X points to n, then the registers are found in the following 
locations when the conditional breakpoint subroutine is entered: 



n 


TRASH ! 


n+l 


C ! 


n+£ 


B ! 


n+3 


A ! 


n+4 


X HIGH i 


n+5 


X LOW ! 


n+6 


P HIGH ! 


n+7 


P LOW •! 



The user? s S register at the time of the break is equal to X+7. 
(The above diagram is different in the obvious way for a 6811). 



The conditional subroutine may test for any condition or 
combination of conditions (including keeping its own iteration 
count) and signal to IDB the truth of the condition by returning 
the Z bit on in the condition code byte if condition is true and 
I bit off for false. The conditional subroutine returns to IDB 
by executing a "RTS" instruction. If the user wishes to set a 
conditional breakpoint at location 10® to break when register A 
is equal to the contents of location 5, he might decide to 
install the conditional subroutine at location 5080, so he enters 
"180, 5000! " on the console device. The conditional subroutine 
code could look like the followina: 



9605 LDAA 5 
5002 A103 CMPA 3, X 
5004 39 RTS 



GET LOCATION 5 

COMPARE TO REG A IN CONTEXT BLOCK 
Z BIT SET ON IF EQUAL, OFF IF 
NOT EQUAL 



The user then 
his program. 



installs this code at location 5000 before running 
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5008 


8C3279 


CPX 


5003 


07 


TPA 


5004 


8804 


EORA 


5006 


0& 


TAP 


5007 


39 


RTS 
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Let's say the user wishes to build a conditional subroutine to 
return "condition true" if the S register (stack pointer) was not 
equal to $3280 (hex constant). Since the S register at the time 
of the breakpoint is equal to X+7 while inside the conditional 
subroutine, installing the following subroutine would do the 
trick: 

#$3280-7 C0MPARIN6 X TO n-7 IS EQUIVALEN 
I WANT Z ON IF NOT EQUAL 

#4 SO I MUST INVERT THE Z BIT 
BEFORE I RETURN TO IDB 
Z IS SET ON IF NOT =, OFF IF » 

Note that the conditional subroutine is using IDB' S stack which 
is not infinitely deep, so don't push too far. Also, IDB is 
running with interrupts disabled, so please don't turn them on. 

Examples: 

180! SET BREAK AT LOCATION 180 

1021?? CAN'T BREAK HERE, TOO CLOSE TO 100 

1 SHOW BREAKPOINTS 

8180 

48521 SET BREAK AT 4852 

! SHOW BREAKPOINTS 

4852 8100 

5000/ 7E jO/ 7E1276 §C3279<LF> INSTALL CONDITIONAL SUBROUTINE TO 

TEST FOR S (> $3280 

5003/ ?00 87<LF> 

5884? 9681 8884"(LF>_ 

5886/ DE83 86<LR 

5887/ 8B 39iCRl 

i®®^!®©®!?? BREAKPOINT ALREADY HERE 

188\ DELETE BREAKPOINT 188 

I SHOW BREAKPOINTS 

4852 

li2*_58i®L SET CONDITIONAL BREAKPOINT AT 188 

I 

8188 4852 

K KILL ALL BREAKPOINTS 

! SHOW BREAKPOINTS 

NONE LEFT 
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EXECUTION COMMANDS 

The execution commands are used for single-stepping instructons, 
realtime execution, proceeding from breakpoints and setting the 
iteration counter for breakpoints. 

COMMAND OPERATION 

G Start Realtime Execution (GO) 

nG Set P Register and GO 

P Continue Realtime Execution From Breakpoint (Proceed) 

nP Proceed From Breakpoint and Set Iteration Counter 

X Single-Step One Instruction 

nX Single-Step Multiple Instructions / Until Address 

nU Single-Step Until Condition Occurs 

N Single-step past current instruction 

# Value representing number of instructions stepped 

5# Zeros number of single-stepped instructions 

The G command is used to start realtime execution from the 
current context block (the context block consists of all the 
registers displayed by the "?" command). All of the registers 
are loaded up (including S register) and control is transferred 
to the user program. Instruction execution begins with the 
instruction pointed to by the P register, and execution continues 
in real time. If a breakpoint JSR is encountered, IDB will 
regain control arid do one of two things s 

1) If the breakpoint is conditional, then IDB calls the 
user-defined conditional subroutine for this breakpoint. 
If a "true condition" is returned, then the iteration 
counter for this breakpoint is decremented by one. 

£) If the breakpoint is unconditional, then the iteration 
counter for this breakpoint is decremented by one. 

Now IDB will give a register dump and enter command mode if the 
iteration counter for this breakpoint is zero. Otherwise, it 
will carefully single-step instructions until the P register is 
outside the area occupied by the breakpoint JSR instruction, then 
continue realtime execution. 

If no breakpoint is hit then, well, I hope your program is 
debugged (see non-maskable interrupt). If the program runs away 
and restart of IDB is necessary, and breakpoints were already 
planted when the problem occurred, then the locations with 
breakpoints will have to be manually repaired; that is, the 
original user code at those locations must be restored by hand. 
If you don't do this and ari old breakpoint is encountered that 
IDB doesn't remember (IDB initializes his breakpoint table upon 
startup), a breakpoint display will occur. One cannot proceed, 
go, or single-step past the forgotten breakpoint. 
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If the user types an escape character on the console device and 
IDB encounters any breakpoint, IDB will return to command input 
mode and give a register dump. The user may immediately continue 
by using P commands. 

Also note that breakpoints change the characteristics of realtime 
execution. That is, each instruction that the single-stepper 
must execute as a result of encountering a breakpoint consumes 
about three milliseconds. For example, a breakpoint installed on 
the sequences 

LDftG #2 or LDGft #2 
CLRB LDftB #3 

may have to single-step through two instructions (about 6 
milliseconds), because a breakpoint JSR covers a portion of the 
second instruction. 

The nG command sets the P register in the context block to n, 
then does a G command. If the significance of n is one, a 
leading zero byte is assumed. 

The P command is used to continue realtime execution from a 
breakpoint. Instructions are single-stepped until the P register 
is out of the range occupied by the breakpoint JSR instruction, 
then execution continues in realtime execution as if a G command 
was used. Note that the G command could not be used in place of 
a P command immediately after a breakpoint was hit. Entering a G 
command at this point would cause another immediate breakpoint. 

The nP command sets the iteration counter for the last breakpoint 
hit, and then does a P command. Which breakpoint was hit is 
remembered by an IDB variable called the "break pointer". The P 
commands will not proceed if the breakpointer is invalid. Here 
are some possible conditions that can invalidate the 
breakpointers 

1) Restart IDB. 

2) Encounter a conditional breakpoint whose conditional 
subroutine returns "condition false". 

3) Killing all breakpoints. 

4) Deleting the breakpoint that was last hit. 

ft way to set the iteration counter for a breakpoint is to set the 
breakpoint, go to the location, giving an immediate breakpoint, 
then set the P register as desired, then use the nP command, 
filso, a conditional subroutine could have its own iteration 
count. 
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The X command is used to single-step one instruction at a time, 
ft register dump on the same command line occurs followed by a 
carriage-return after single-stepping each instruction- The 
single-stepper refuses to step past an illegal instruction or an 
old and forgotten breakpoint (this is an unusual circumstance 
because IDB only forgets breakpoints when the user restarts him 
— see the G command). If art unusual condition exists (including 
breakpoint hit while stepping — see below) an extra 
carriage-return will be printed out before the register dump. 
The purpose of this is to attract the user's attention to an 
unusual condition by a conspicuous change in the display format. 

The single-stepper steps through an instruction first and then 
checks to see if the next instruction has a breakpoint. If it 
does, and the breakpoint is conditional, the conditional 
subroutine is called to see if the condition is true. If the 
condition is true or it's unconditional, and the iteration count 
goes to zero, a carriage-return is printed out before the 
register dump to call the user's attention to the fact that a 
breakpoint hit. Any proceed command may be used if desired after 
a breakpoint is hit, even though the user was single-stepping. 
Note that while single-stepping the breakponts are not physically 
planted in the code, but they ar& still checked. This is nice if 
the program lives in ROM. 

IDB remembers the last breakpoint encountered even while 
single-stepping. As long as the breakpointer (see P commands for 
explanation) remains valid, P commands are valid. Let's say that 
an unconditional breakpoint was installed at 10®, and a 
conditional breakpoint "was installed at 105. If we single-step 
through 10®, the breakpointer remembers that 1©0 was the last 
breakpoint hit so that if P commands ar& used, they can set the 
iteration count for this breakpoint. Let's step once, P register 
shows 102; P commands would be valid at this point. Step again, 
P register shows 105, the conditional subroutine was already 
called, it returns a false condition (no hit on this one), the 
breakpointer is invalidated; P commands would be invalid at this 
point because it is unclear to IDB (and us) whether the iteration 
count for 1®0 or 1©5 should be set. So the moral is: P commands 
are not valid after stepping through conditional breakpoints that 
don't hit! ! 



Copyright (C) 1977, 1982, 1988 £8 Software Dynamics, Inc. 



IDB (INTERPRETIVE DEBUGGER) USER'S MftNUAL 



The nX command is used to single-step n times if the signif icance 
of n is one (note that ®8®1 has a significance of two)- Entering 
"0X" (execute zero instructions) does the obvious, so don't waste 
your time with this one- Single-stepping quits when IDB has 
executed n instructions or has encountered a breakpoint that 
hits. If n has a significance of two, single-stepping quits when 
the P register is equal to n or a breakpoint hits- Only one 
register dump is given for each nX command entered- Typing an 
escape character on the console device will stop the 
single-stepper, give a register dump, and return to IDB command 
input mode- fin interesting way to say "execute forever" is to 
enter "yyyyX" where "yyyy" is some address that the program will 
never execute. The nX command is a very powerful tool for 
debugging, and it's easier to use than setting breakpoints. 

The nU command is used to single step until some condition is 
true- The value n is treated as the address of a conditional 
breakpoint test subroutine- The single-stepper is invoked 
repeatedly, and after each invocation, the conditional test 
subroutine is called (assuming a breakpoint has not been 
encountered, or (escape) has not been hit by the programmer). If 
the conditional test says "false", single-stepping continues, 
otherwise, IDB stops single-stepping and does a register dump. 
This command is particularly useful when trying to find out who 
is storing into a memory, location; one sets up a conditional 
routine that checks to see if the desired location has changed, 
and turns IDB loose with the U command. It will stop after the 
instruction that changed the memory location. Single stepping 
will stop if IDB encounters an illegal instruction. IDB will 
stop immediately and do a register dump. 

The N command is used to single step until the PC is equal to the 
address of the current instruction plus its length. This is used 
to quickly single-step through a subroutine called by a BSR or 
JSR. 

The single stepper increments a counter every time it is called. 
The value of this counter can be used as a value by using a # 
symbol as an argument; it can be displayed by entering "#=" as a 
command- The counter is zeroed (and displayed) by entering a 
" ;#" command. This is primarily useful when attempting to build 
very tight real time code, and an accurate instruction count for 
some process is needed. 
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Examples: (this is worth examining carefully!) 
!©2iE § SET P COUNTER TO 108 AND GO 



100G 



SET P COUNTER TO 100 AND GO 



100! 100G SET BREAKPOINT AND GO, GIVING IMMEDIATE BREAKPOINT 

P=0100 A=4E B=4C C=53 X=524E S=9F73 */ 7E0132 0100/ 7E 

P SINGLE-STEP LOCATION 100 AND START REALTIME EXECUTION 

100! 100G 

P=0100 A=4E B=4C C=53 X=524E S=9F73 */ 7E0132 0100/ 7E 

100P SET ITERATION COUNTER TO 256 AND DO P COMMAND 






SET P COUNTER TO LOC 100 AND SINGLE-STEP 



X P=0132 A=00 B=00 C=C0 X=0000 S=00FD */ 8E0032 0100/ 7E 



P=0135 A=00 B=00 C=C0 X=0000 S=0032 */ £003 
P=013A A=00 B=00 C=C0 X=0000 S=0032 */ 86FF 
P=013C A=FF B«00 C=€0 X=0000 S=0032 */ 06 



P=013D A=FF B=( 
P=013F A=01 B=< 



C=FF X=0000 S=0032 */ 8601 
C=F1 X=0000 S=0032 */ 16 



0100/ 7E 
0100/ 7E 
0100/ 7E 
0100/ 7E 
0100/ 7E 



100iP SET P COUNTER TO 100 AND STEP 37 TIMES 

1|X P=0118 A=D0 B=D0 C=D0 X=0148 S=002E */ 33 0000/ 3F 

1005.P SET P COUNTER TO 100 AND STEP UNTIL ADDRESS 915 

915X P=0915 A=00 B=FF C=F0 X=003D S=0032 */ 3E 0000/ 3F 
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i2»Z ?E lQ/ 7E030B 4AiLF> 
0101/ ?03 08<LF> 
0102/ 0B 7C00057lF> 
0105/ 737600 £0iLF>" 
0106/ 76007E 100R7Er>. 
5000/ 733220 9605 7Cf> 



5004/ 0A 39<CR>. 

6F73iS 

illlP 8*8 0iX 5/ ?72 0<CR1 



P=0100 A=00 B= 

idlCR) 

P=0100 A=00 B= 

X P=0101 A=FF 

X P=0102 A=FF 

X P=0105 A=FF 

1001 <CR> 

X 

P=0100 A=FF B= 

X P=0101 A=FE 

X P=0102 A=FE 

X P=0105 A=FE 

X 

P=0100 A=FE B 

P 



:6E C=CD X= 



INSERT "INCA" 
INSERT "INX" 
INSERT "INC 5" 
INSERT "BRA *100" 

INSTALL CONDITIONAL BREAKPOINT ROUTINE 
FROM PREVIOUS EXAMPLE 



S=6F73 */ 4A 



0005/ ?00 



*6E C=CD X=0000 S= 
B=6E C=C9 X=0000 
B=6E C=C9 X=0001 
B=6E C=C1 X=0001 



6F73 */ 4A 0005/ 00 
S=6F73 */ 08 0005/ 00 
S=6F73 */ 7C0005 0005/ 00 
S=6F73 */ 20F9 0005/ 01 



=6E C=C1 X=0001 S= 
B=6E C=C9 X= 
B=6E C=C9 X= 
B=6E OC1 X=0002 



6F73 */ 4A 0005/ 0i 
S-6F73 */ 08 0005/ 01 
S«6F73 */ 7C0005 0005/ 01 
S«6F73 */ 20F9 0005/ 02 



=6E C=C1 X*0002 S«6F73 */ 4A 



0005/ 0'c 



P=0100 A=FD B=SE C=C1 
3P 



X=0003 S=67F3 */ 4A 



5/ 03 



P=0100 A=FA B-6E OC1 



X=0006 S=57F3 #/ 4A 



0005/ 06 



P=0100 A=80 B=6E C=CB X=0080 S=67F3 */ 4A 



0005/ 80 



5000/ 9605 1LFL 
50027 810E <LFL 
5004/ 39 iCR> 
5/ 80 iH/ 80 5000U 
P=0105 A=F2 B=21 C=C0 
100/ BD020001iCR> 

ii®Z IQeiliiCRL"* 

I00iE 
i# 0047 
N 



INSTALL CONDITIONAL BREAKPOINT. 
TO TEST FOR (5) = HEX ' E' 

SINGLE STEP UNTIL (5) = HEX ' E' 



X=010E S=6F73 */ 20F9 



;/ 



ENTER A SUBROUTINE CALL 

SUBROUTINE IS INCA/DEX/RTS 

GET SET TO SINGLE STEP THRU SUBROUTINE 

RESET STEPPED INSTRUCTION COUNT 

SINGLE STEP PAST SUBROUTINE 



P=0103 A?=F3 B=£l C=C0 

#=0004 



X=010D S=6F73 */ 01 0005/ 0E 

SHOW NUMBER OF INSTRUCTIONS STEPPED 
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NON-MASKABLE INTERRUPTS 

IDB traps non-maskable interrupts, gives a register dump, and 
goes into command input mode- This is normally used to stop an 
undebugged program that is not hitting any breakpoints. Using 
the non-maskable interrupt entry point will cause IDB to remove 
any BKPT instructions and restore the user's code. The P 
register will point to the next instruction to execute. P 
commands are not valid, but X, N and G commands are. See the 
section on the I/O interface table to see how to re-direct (in 
effect, override) the non-maskable entry point jump. A NMI can 
be used to stop a dump or a search display, but this will destroy 
the user program's context block (see "?" command). 

THE I/O INTERFACE TABLE 

This table contains jumps to the IDB entry point and non-maskable 
interrupt entry point, and jumps to the entry points of all the 
I/O routines. The I/O is channel -oriented 5 that is, IDB does all 
control I/O on one channel, loading on a second, punching on a 
third, and dumping on a fourth. By plugging in jumps to new I/O 
routines, IDB can be customized to perform in virtually any 
environment. All routines must return with interrupts disabled. 
If interrupts are enabled, switching to a stack with space for 
the interrupts is required, and the stack must be restored when 
the return is made. All registers except those specified can be 
trashed. All entry point jumps are relative to the first address 
of IDB, which is usually on a 4K boundary. Let's say that n 
represents the first address of IDB, then we have the following 
descriptions: 

Sacred space (n+*8) through (n+$4) - don't touch!! This is the 
program runaway entry point. 

DEBUG (n+$5) contains a jump to the first instruction of IDB. 
The restart vector should be aimed here. Sacred space, don't 
t ouch ! ! 

DEBNMI (n+*S) contains a jump to the non-maskable entry point. 
If the non-maskable vector is aimed at this point, then IDB will 
handle the interrupt. If this is the case, then this location 
can be plugged with another jump to override this if desired. If 
the non-maskable vector is aimed somewhere else, and it is 
desired that IDB handle the interrupt, then someone must jump to 
this entry point. 

Sometimes it is convenient to build a context block in software 
and transfer control to this point. If this is the case, 
interrupts must be disabled before transferring to DEBNMI. 
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DEBRESET (n+$B) contains a jump to am IDB internal RESET routine- 
This is used by power-up reset code to make sure that the 
debugger has been initialized (i.e., is ready to take an NHI or a 
runaway) without transferring control to the debugger. If control 
is not passed to DEBUG at power up, this subroutine *must* be 
called by the reset logic. 

GETC (n+*E) contains a jump to the I/O routine responsible for 
reading a character into register ft from the control device 
(normally a terminal). All input routines must ignore nulls and 
strip the parity bit off the resulting character. 

ECHO (n+*il) contains a jump to the I/O routine responsible for 
out putting a character from register ft to the control device (use 
a "RTS" here for MIKBUG or any half-duplex device). This routine 
is used for echoing input characters, obviously. 

PUTC (n+$14) contains a jump to the I/O routine responsible for 
outputting a character from register ft to the control device. 

OPENL (n+$17) contains a jump to the I/O routine responsible for 
opening the load file (send XON for some devices, or whatever is 
required) . 

REftDL (n+$lft) contains a jump to the I/O routine responsible for 
reading a character from the load file into register ft. 

CLOSEL (n+*lD) contains a jump to the I/O routine responsible for 
closing the load file (send XOFF for some devices, . or whatever is 
required) . 

CREftTP (n+$20) contains a jump to the I/O routine responsible for 

creating ari output file for the punch channel. In an operating 

system environment, this may mean to open a file which is 

reserved for punching, or whatever is appropriate. 

WRITEP (n+$£3) contains a jump to the I/O routine responsible for 
outputting a character to the punch file from register ft. 

CLOSEP (n+$£6) contains a jump to the I/O routine responsible for 
closing the punch file (whatever is appropriate). 

CREftTD (n+*£9) contains a jump to the I/O routine responsible for 
creating an output file for the dump channel. 

WRITED (n+*£C) contains a jump to the I/O routine responsible for 
outputting a character to the dump file from register ft. 

CLOSED (n+*2F) contains a jump to the I/O routine responsible for 
closing the dump file (whatever is appropriate). 
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ESCAPE (n+*32) contains a jump to the I/O routine responsible for 
checking for the occurrence of art escape character on the control 
device. Does immediate return with Z bit set if yes, reset if 
no. Does not echo the character. If you ar-e replacing MIKBUG, 
then this feature won't work, so place a "LDftft #1", "RTS" here. 

INITZ (n+*35) contains a jump to the I/O routine responsible for 
all initialization functions, such as resetting ftCIfl' s or 
whatever is appropriate for your configuration. INITZ is called 
only once for each transfer to DEBUG entry point. Note that 
DEBRESET also calls INITZ. On exit from INITZ, the X register 
must contain the default user program Stack pointer (the INITZ 
routine can set up the context block so the registers contain 
default values). IDB uses this value once at the DEBUG entry 
time as though an n;S was typed in as the first command. (Some 
systems set up art initial stack pointer in such a way that typing 
"G" immediately after starting up IDB causes a transfer to a disk 
bootstrap program). The first 7 (9 for 6811) bytes of the 128 
bytes of RAM scratch storage allocated to IDB are set aside to be 
used as this default stack. 

INTDS (n+*38) contains a (jump to a) subroutine which disables 
all interrupts. For most 6800 systems, these three bytes can be 
set to NOP,SEI,RTS. 

INTRTI (n+*3B) contains a (jump to a) routine that conditionally 
enables interrupts and then does an RTI. The "I" bit in the 
condition code register on top of the stack (1=0 means "enable") 
does am RTI. Most 6800 systems can simply place an "RTI" here. 

FETCHBYTE (n+$3E) contains a (jump to a) routine that fetches a 
byte to the ft register from the location specified by the 
contents of the X register, arid advances the X register by one. 
This is used to allow IDB to access a user ROM that normally 
lives where IDB is in the address space. Normally this contains 
the code "LDftft 0, X\INX\RTS". 

STOREBYTE (n+$42) contains a (jump to a) routine that stores the 
content of the ft register in the location specified by the X 
register, and advances the X register by one. This is used to 
allow IDB to store into RftM that normally occupies the space used 
by IDB during debugging. Normally contains the code 
"STftft 0, X\INX\RTS". 
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BREAKPOINT INST (n+*46) contains the instruction to use for a 

breakpoint- Changing the first byte to SWI causes IDB to store 

only a SWI; otherwise, it stores 3 byte JSR for breakpoints- 
Normally contains "JSR BREAKPOINTENTRY". 

BREAKPOINTENTRY (n+$49) is the entry point into IDB where a 
breakpoint must go after pushing a context block on the stack and 
advancing the PC past the breakpoint instruction. If 
BREAKPOINTINST contains a SWI, the SWI vector must be configured 
to (eventually) transfer control to this location. 

PRESINGLESTEP (n+$4C) contains (a jump to) code to enable the 
user space and then do art RTI, which sets the registers to the 
values of the user program. This is used by the single stepper 
just before it executes a user program instruction, so that the 
stepped instruction sees user ROM/RAM where IDB is located, 
rather than IDB. Normally contains "RTI/SWI/SWI". 

POSTSINGLESTEP (n+*4F) contains the address (FDB) of the re-entry 
point into IDB after executing a single instruction. The 
registers will be saved by IDB. 

POSTSINGLESTEPDONE (n+$51) contains the entry point for re-entry 
into IDB after single-stepping. A context block, storing the 
machine state after the stepped instruction, must be pushed onto 
the stack before transferring control to this point. Used only 
if IDB is bank-switched. 
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RAM- based IDB for SDOS 

ft version of IDB that is loadable under single-user SDOS 1- 1 is 
available. It operates identically to standard IDB with the 
exception of the commands listed below. Fundamentally, IDB for 
SDOS uses SDOS system calls so that IDB can access any user 
files. Thus, it is possible to load a file, make patches, and 
save the final result. 

To invoke IDB from SDOS, type: 

IDB will respond, 

IDB VI. 2 

fit this time, IDB will sem i -permanent ly allocate about 4K bytes 
at the top of the user space for its own use. This space will 
not be available for use by programs being debugged. The top of 
user space pointer (*FC, *FD) will be adjusted appropriately. 

If G is typed immediately after loading, IDB will exit back to 
the command interpreter, but is still available for debugging via 
a ' V D and the SDOS command DEBUG. 

To load a file for debugging, type: 

In response to the load file request, the name of the file to be 
loaded is entered and terminated by a return key. ftn example: 

iLoad filename ( <CR> to exit IDB): DgiMYNEWPROGRftMiCR).. 

Responding with an empty line causes IDB to release its block of 
allocated space, and to exit back to SDOS. IDB is then not 
available via ' V D or DEBUG. 

To send a memory dump to a file, enters 

II 

The user must supply a file name in response to IDB's request for 
a dump file name. 

The user will have to supply a filename for each dump requested. 
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Example: 

II 

Punch/Dump file name? LBll 
To send a MIKBUG punch file to a file, the user must type 

n, mP 
and give a filename in response to the request for a dump file. 

Punch/Dump filename? = MYFILEJf IXEJHCR). 

Successive punches will go to the same file until a 0,0P command 
i s used . 

Warnings Don't use a dump command before a 0, ®P is issued after a 
sequence of punches as the dump and punch files are the same. 

Note: IDB uses the highest available channel number for its file 
operations: this may conflict with the program being debugged. 
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COMMAND SUMMARY 



;A ;H ;X ;0 Set Display Mode to ASCII /Hex/ Index/Opcode 

1/ Open Location 1 and Display in Current Mode 

<LF> Display Next 

n<LF> Deposit and Display Next 

' x Display Previous 

n x * Deposit and Display Previous 

<CR> Close This Location 

n<CR> Deposit and Close Location 

"text" Deposit Text Into Memory 

1 : Open Locat ion 1 

? Display Registers, Instruction, and Last Opened Location 

-n Find Negative of n 

n-m n+rn Find Surn/Di ff erence 

n= Print Value 

n;A n;B n;C Set S bit register register to n 

n;D n;X n;Y Set 16 bit register to n 

n;P Set P Register to n 

n?S Set S Register to n 

nM Set Mask 

M Show Mask 

nS . Set Search Target 

S Show Search Target 

n, mS Search Using Mask Between n and m 

n, mZ Zero (Copy Mask to Memory) Between n and m 

n,m? Compute checksum over range and display 

l,n/ Dump Memory to Dump Device 

nT Switch Dump/Search Output Channel 

?L Load From Load Device 

l,nP Punch to Punch Device 

1! Set Unconditional Breakpoint on Location 1 

l,c! Set Conditional Breakpoint c on Location 1 

! Show Breakpoints 

1\ Remove Breakpoint From Location 1 

K Kill All Breakpoints 

G Start Realtime Execution (GO) 

nG Set P Register and GO 

P Start Realtime Execution from Breakpoint (Proceed) 

riP Proceed from Breakpoint and Set Iteration Counter 

X Single-Step One Instruction 

nX Single-Step Multiple Instructions / Until Address 

nU Single-Step Until Condition Occurs 

N Single-step until Next instruction 

;# Reset and display single-step count 

nR Compute Relative Displacement 

Value Equal to Last Location Examined 

* Value of P-Counter Displayed in Register Dump 

# Value of number of single-stepped instructions 
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